Intel CEO: Fixes on the way for serious chip security flaws

Intel CEO: Fixes on the way for serious chip security flaws

LAS VEGAS — Intel has big plans to steer toward new business in self-driving cars, virtual reality and other cutting-edge technologies. But first it has to pull out of a skid caused by a serious security flaw in its processor chips, which undergird many of the world’s smartphones and personal computers.

Intel CEO Brian Krzanich opened his keynote talk Monday night at the annual CES gadget show in Las Vegas by addressing the hard-to-fix flaws disclosed by security researchers last week. At an event known for its technological optimism, it was an unusually sober and high-profile reminder of the information security and privacy dangers lurking beneath many of the tech industry’s gee-whiz wonders.

Some researchers have argued that the flaws reflect a fundamental hardware defect that can’t be fixed short of a recall. But Intel has pushed back against that idea, arguing that the problems can be “mitigated” by software or firmware upgrades. Companies from Microsoft to Apple have announced efforts to patch the vulnerabilities.

And Krzanich promised fixes in the coming week to 90 percent of the processors Intel has made in the past five years, consistent with an earlier statement from the company . He added that updates for the remainder of those recent processors should follow by the end of January. Krzanich did not address the company’s plans for older chips.

To date, he said, Intel has seen no sign that anyone has stolen data by exploiting the two vulnerabilities, known as Meltdown and Spectre. The problems were disclosed last week by Google’s Project Zero security team and other researchers. Krzanich commended the “remarkable” collaboration among tech companies to address what he called an “industry-wide” problem.

While Meltdown is believed to primarily affect processors built by Intel, Spectre also affects many of the company’s rivals. Flaws affecting the processor chips also endanger the PCs, internet browsers, cloud computing services and other technology that rely on them. Both bugs could be exploited through what’s known as a side-channel attack that could extract passwords and other sensitive data from the chip’s memory.

Krzanich himself has been in the spotlight over the security issue after it was revealed that he had sold about $39 million in his own Intel stocks and options in late November, before the vulnerability was publicly known. Intel says it was notified about the bugs in June.

The company didn’t respond to inquiries about the timing of Krzanich’s divestments, but a spokeswoman said it was unrelated to the security flaws.

During his presentation Monday, Krzanich also launched into a flashy and wide-ranging celebration of the way Intel and its partners are harnessing data for futuristic innovations, from 3D entertainment partnerships with Paramount Pictures to virtual-reality collaborations with the 2018 Winter Olympics and a new breakthrough in so-called quantum computing.

A self-driving Ford Fusion rolled onto the stage of the casino theater where Krzanich gave his talk. It’s the first of a 100-vehicle test fleet run by Mobileeye, the Israel-based software company that Intel bought for $15 billion last year. Mobileeye processes the information cars “see” from cameras and sensors.

A flying taxi — the German-built Volocopter — later lifted from the stage. Then came the drones, in a musical performance that Krzanich said would mark a Guinness record for the “world’s first 100-drone indoor lightshow without GPS.”